Welcome to Smokey's Security Forums.
As a guest you only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Windows 10: If you want a highly secure device, follow these rules, says Microsoft

Microsoft has published a new standard for creating a very secure Windows 10 machine.

Windows 10: If you want a highly secure device, follow these rules, says Microsoft

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: Computer will not load / run software  (Read 1209 times)

0 Members and 1 Guest are viewing this topic.

etavares

  • Substitute Leader Malware Analysis & Removal Team
  • Administrator
  • *
  • Offline Offline
  • Posts: 213
  • .: 1st Responder
Re: Computer will not load / run software
« Reply #2 on: March 07, 2013, 02:44:42 AM »
Hi,

That seems to be clear.  The MBR is a bit odd, but doesn't appear infected.  Do you know what the small 1GB partition is?  Is that a Lenovo utilities partition?  The logs look clean.  What program isn't running?  What happens whey you try to run it?

Is the image of a fresh install?  There are some orphaned entries I wouldn't expect from a fresh install.

Can you run other programs or just this one?

-etavares

gsgiTopic starter

  • Gold Forum Friend
  • *
  • Offline Offline
  • Posts: 9
Computer will not load / run software
« Reply #1 on: March 06, 2013, 05:55:11 PM »
Hi.

I have a new install, we use pcmover to load an image, but the same software that works on 40 other computers does not load or run (one or the other) on this one.  I want to make sure this system is clean from some weird infection.

c:\Users\defaultadmin\Downloads>catchme
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12,
ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQuer
yDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error


c:\Users\defaultadmin\Downloads>mbr
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer
.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read  The handle is invalid.
kernel: error reading MBR

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-06 10:19:47
-----------------------------
10:19:47.595    OS Version: Windows x64 6.1.7601 Service Pack 1
10:19:47.595    Number of processors: 2 586 0x170A
10:19:47.595    ComputerName: NHOP3A  UserName:
10:19:49.046    Initialize success
10:20:37.249    AVAST engine defs: 13030600
10:22:26.528    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:22:26.528    Disk 0 Vendor: WDC_WD3200AAJS-08L7A0 03.03E03 Size: 305245MB BusType: 3
10:22:26.543    Disk 0 MBR read successfully
10:22:26.543    Disk 0 MBR scan
10:22:26.543    Disk 0 unknown MBR code
10:22:26.559    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
10:22:26.590    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       293543 MB offset 2459648
10:22:26.652    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10500 MB offset 603635712
10:22:26.715    Disk 0 scanning C:\Windows\system32\drivers
10:22:40.302    Service scanning
10:23:03.094    Modules scanning
10:23:03.094    Disk 0 trace - called modules:
10:23:03.110    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:23:03.110    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c09060]
10:23:03.125    3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa80046eae40]
10:23:03.125    5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004761060]
10:23:04.607    AVAST engine scan C:\Windows
10:23:07.384    AVAST engine scan C:\Windows\system32
10:25:59.499    AVAST engine scan C:\Windows\system32\drivers
10:26:15.614    AVAST engine scan C:\Users\defaultadmin
10:26:56.798    AVAST engine scan C:\ProgramData
10:27:31.056    Scan finished successfully
10:28:44.859    Disk 0 MBR has been saved successfully to "C:\Users\defaultadmin\Documents\MBR.dat"
10:28:44.859    The log file has been saved successfully to "C:\Users\defaultadmin\Documents\aswMBR.txt"


Thanks,
gsgi
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

    

  

Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle